(t *testing.T)
| 428 | } |
| 429 | |
| 430 | func (s) TestServerCredsProviderSwitch(t *testing.T) { |
| 431 | opts := ServerOptions{FallbackCreds: &errorCreds{}} |
| 432 | creds, err := NewServerCredentials(opts) |
| 433 | if err != nil { |
| 434 | t.Fatalf("NewServerCredentials(%v) failed: %v", opts, err) |
| 435 | } |
| 436 | ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout) |
| 437 | defer cancel() |
| 438 | |
| 439 | // The first time the handshake function is invoked, it returns a |
| 440 | // HandshakeInfo which is expected to fail. Further invocations return a |
| 441 | // HandshakeInfo which is expected to succeed. |
| 442 | cnt := 0 |
| 443 | // Create a test server which uses the xDS server credentials created above |
| 444 | // to perform TLS handshake on incoming connections. |
| 445 | ts := newTestServerWithHandshakeFunc(ctx, func(rawConn net.Conn) handshakeResult { |
| 446 | cnt++ |
| 447 | var hi *xdsinternal.HandshakeInfo |
| 448 | if cnt == 1 { |
| 449 | // Create a HandshakeInfo which has a root provider which does not match |
| 450 | // the certificate sent by the client. |
| 451 | hi = xdsinternal.NewHandshakeInfo(makeRootProvider(t, "x509/server_ca_cert.pem"), makeIdentityProvider(t, "x509/client2_cert.pem", "x509/client2_key.pem"), nil, true, "", false, false) |
| 452 | |
| 453 | // Create a wrapped conn which can return the HandshakeInfo and |
| 454 | // configured deadline to the xDS credentials' ServerHandshake() |
| 455 | // method. |
| 456 | conn := newWrappedConn(rawConn, hi, time.Now().Add(defaultTestTimeout)) |
| 457 | |
| 458 | // ServerHandshake() on the xDS credentials is expected to fail. |
| 459 | if _, _, err := creds.ServerHandshake(conn); err == nil { |
| 460 | return handshakeResult{err: errors.New("ServerHandshake() succeeded when expected to fail")} |
| 461 | } |
| 462 | return handshakeResult{} |
| 463 | } |
| 464 | |
| 465 | hi = xdsinternal.NewHandshakeInfo(makeRootProvider(t, "x509/client_ca_cert.pem"), makeIdentityProvider(t, "x509/server1_cert.pem", "x509/server1_key.pem"), nil, true, "", false, false) |
| 466 | |
| 467 | // Create a wrapped conn which can return the HandshakeInfo and |
| 468 | // configured deadline to the xDS credentials' ServerHandshake() |
| 469 | // method. |
| 470 | conn := newWrappedConn(rawConn, hi, time.Now().Add(defaultTestTimeout)) |
| 471 | |
| 472 | // Invoke the ServerHandshake() method on the xDS credentials |
| 473 | // and make some sanity checks before pushing the result for |
| 474 | // inspection by the main test body. |
| 475 | _, ai, err := creds.ServerHandshake(conn) |
| 476 | if err != nil { |
| 477 | return handshakeResult{err: fmt.Errorf("ServerHandshake() failed: %v", err)} |
| 478 | } |
| 479 | if ai.AuthType() != "tls" { |
| 480 | return handshakeResult{err: fmt.Errorf("ServerHandshake returned authType %q, want %q", ai.AuthType(), "tls")} |
| 481 | } |
| 482 | info, ok := ai.(credentials.TLSInfo) |
| 483 | if !ok { |
| 484 | return handshakeResult{err: fmt.Errorf("ServerHandshake returned authInfo of type %T, want %T", ai, credentials.TLSInfo{})} |
| 485 | } |
| 486 | return handshakeResult{connState: info.State} |
| 487 | }) |